Pureftpd Server Configuration in Debian

Pureftpd Server Configuration in Debian

What is Pureftpd?

Pure-FTPd is a fast, production-quality, standards-conformant FTP server based upon Troll-FTPd. Features include chrooted home directories, virtual domains, built-in 'ls', anti-warez system, configurable ports for passive downloads, FXP protocol, bandwidth throttling, ratios, fortune files, Apache-like log files, fast standalone mode, atomic uploads, text / HTML / XML real-time status report, virtual users, virtual quotas, privilege separation, SSL/TLS and more.

Supported Platforms

The same source code compiles and runs on Linux, OpenBSD, NetBSD, FreeBSD, Solaris, Tru64, Darwin, Irix and HPUX.

Pre-built binary packages are available for SuSE Linux, Mandrake Linux, PLD Linux, Stampede Linux, Slackware Linux (Slimslack), Multilinux, Sorcerer Linux, Fli4L (the one-disk router), ROOT Linux and Gentoo Linux.

Pure-FTPd is also available in port collections : FreeBSD (/usr/ports/ftp/pure-ftpd/), OpenBSD (/usr/ports/net/pure-ftpd/), NetBSD (/usr/pkgsrc/net/pureftpd/), Crux Linux (/usr/ports/contrib/pure-ftpd/) and Gentoo Linux (/usr/portage/net-ftp/pure-ftpd/) .

Pure-FTPd is part of the following operating system by default : EkkoBSD

If you want to download pureftpd click here

Pureftpd server installation in Debian

If you want to install pureftpd in debian you need to run the following command

#apt-get install pure-ftpd-common pure-ftpd

Note:- these packages use a complete new configuration scheme, read the pure-ftpd-wrapper manual page for more information.

For pure-ftpd-wrapper man page click here

Starting and the Configuring the Server

PureFTPd has many options available, not only when installing the program, but also when starting the daemon. Here again we will only be covering a few of them but you can always get a full listing from the readme which accompanied the sourceball, or by typing the following at your terminal prompt as root:

#pure-ftpd --help

Please note that these options are case-sensitive

-A -chroot everyone but root.
-b -Ignore some standards in order to deal with broken clients such as Internet Explorer ;) .
-B -Instruct the standalone server to start in the background
-c 5 -Limit the maximum number of clients to 5 (or whatever number you like, default is 50).
-C 2 -Limit the number of simultaneous connections from the same IP address to 2 (or whatever number you like).
-E -Only allow authenticated users (if you wanted anonymous only you would substitute -e).
-j -If the user doesn't have a home directory create it at first login.
-l puredb:/etc/pureftpd.pdb -Specify the path to our virtual user database (more on this later).
-R -Disallow the usage of the chmod command.
-u 1 -Don't allow uids below 1 (or whatever you choose, disallowing uids below 1 denies access to the root user, this is usually a good idea).
-X -Disallow user access to files / directories beginning with ('.') .

We will be issuing usernames and passwords for our FTP server, we will not be allowing anonymous logins, this is where the -l switch we used above comes in, PureFTPd has the ability to manage Virtual Users, which, put simply means the user doesn't actually exist as far as your system is concerned, only PureFTPd knows about these user types. We do this with another PureFTPd command called pure-pw, but first we need to create a system user and group to which all virtual users will be associated, literally thousands of virtual users can share the same system username as long as they are all chrooted and have their own home directory. So as root issue the following commands at your terminal prompt:

#groupadd ftpgroup

#useradd -g ftpgroup -d /dev/null -s /etc ftpuser

From now on out all maintenance of virtual users will be done using pure-pw, now lets go ahead and create our first user. As always, there are lots of options you can use when creating virtual users, we'll use a few in this example, but you can always get a full list by typing pure-pw --help at your terminal prompt, or by reading the README.Virtual-Users file included with the sourceball. So lets create a user call mike, issue the following command at your terminal prompt as root:

#pure-pw useradd test1 -u ftpuser -d /home/ftpusers/test1

Here we have added the virtual user test1, associated him with the system user account ftpuser, made sure he will only have access to his directory by chrooting him -d and told PureFTPd to create test1's home directory, which it will do on the fly as we started the service with the -j switch mentioned previously. Now before this account is usable we need to commit our changes, issue the following command at your terminal prompt to accomplish that:

#pure-pw mkdb

This creates the file mentioned earlier called /etc/pureftpd.pdb, this file houses all information related to your virtual users, there is no need to restart your service when issuing this command as it is updated on the fly and changes take effect immediately. Lets say test1 forgot his password and wants it changed, here's what you'd do:

#pure-pw passwd test1

Enter test1's new password, then commit your changes by updating pureftpd.pdb:

#pure-pw mkdb

Thats it, test1 is ready to go, now lets say test1 has become a liability and you want to get rid of him, just do the following:

#pure-pw userdel test1

This deletes test1's login, but not his home directory, directories must be deleted manually if desired. Ok, now that test1 was deleted, lets say we have another user named ruchi, and we want to check his current account settings, simply issue the following command:

#pure-pw show ruchi

PureFTPd shows you a listing of his current account settings as follows:

Login : ruchi
Password : $1$iHfIGmj0$jHoS4kaYt3u6Rjq2jnokE1
UID : 501 (ftpuser)
GID : 501 (ftpgroup)
Directory : /home/ftpusers/ruchi/./
Full name :
Download bandwidth : 0 Kb (unlimited)
Upload bandwidth : 0 Kb (unlimited)
Max files : 0 (unlimited)
Max size : 0 Mb (unlimited)
Ratio : 0:0 (unlimited:unlimited) Allowed local IPs :
Denied local IPs :
Allowed client IPs :
Denied client IPs :
Time restrictions : 0000-0000 (unlimited)
Max sim sessions : 0 (unlimited)

If you had set additional restrictions on ruchi's account via the options mentioned earlier such as quotas, bandwidth throttling, etc., you would see them listed here. Now lets assume you just want to see who is currently logged into your server, its as simple as this:

#pure-ftpwho

The command will execute and display a nice formatted list to your screen showing current users, time logged in, speed, originating IP address, etc., its a very nice command to have at your disposal if you run a busy server and you need to see who is doing what.

Basicall, you just add files that represent commandline options to a directory /etc/pureftpd/conf/. For instance, to configure a trusted GID for which no chrooting takes place, pure-ftpd provides the --trustedgid option. To enable this as a configuration option, you create a file named TrustedGID and put the GID in that file.

Create symlink to add PureDB to authentication methods

#cd /etc/pure-ftpd/auth

#ln -s ../conf/PureDB 50pure

Disable PAM authentication unless you need it

#echo no > /etc/pure-ftpd/conf/PAMAuthentication

Disable UNIX authentication unless you need it

#echo no > /etc/pure-ftpd/conf/UnixAuthentication

If you want know about more pureftp configuration options click here

If you want pureftpd server web interface or GUI tools click here